BookStack Code Mirror - website/commitdiff
Added v24.10.2 post
author Dan Brown <redacted>
Wed, 13 Nov 2024 12:00:51 +0000 (12:00 +0000)
committer Dan Brown <redacted>
Wed, 13 Nov 2024 12:00:51 +0000 (12:00 +0000)
content/blog/2024/security-release-v24-10-2.md [new file with mode: 0644]
static/images/blog-cover-images/cc-by-sa-4/attribution.txt
static/images/blog-cover-images/cc-by-sa-4/fence2-dietmar-rabich.jpg [new file with mode: 0644]

diff --git a/content/blog/2024/security-release-v24-10-2.md b/content/blog/2024/security-release-v24-10-2.md
new file mode 100644 (file)
index 0000000..9c59232
--- /dev/null
@@ -0,0 +1,33 @@
++++
+categories = ["Releases"]
+tags = ["Releases"]
+title = "BookStack Security Release v24.10.2"
+date = 2024-11-13T12:00:00Z
+author = "Dan Brown"
+image = "/images/blog-cover-images/cc-by-sa-4/fence2-dietmar-rabich.jpg"
+slug = "bookstack-release-v24-10-2"
+draft = false
++++
+
+BookStack v24.10.2 has been released.
+
+This is a security release to address a vulnerability in our dependencies where specifically formatted requests could be used to manipulate application configuration in environments where a certain PHP option (register_argc_argv) is enabled. This is not an option that's typically enabled in production web-serving environments, but it's advised to update where uncertain.
+
+* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
+* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v24.10.2)
+
+### Full List of Changes
+
+* Updated application PHP dependencies.
+* Updated translations with latest Crowdin changes. ([#5317](https://github.com/BookStackApp/BookStack/pull/5317))
+
+### For More Information
+
+If you have any questions or comments about this advisory:
+* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
+* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
+* Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/development/.github/SECURITY.md) to contact someone privately.
+
+----
+
+<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://commons.wikimedia.org/wiki/File:D%C3%BClmen,_Kirchspiel,_Wiese_in_der_Bauerschaft_B%C3%B6rnste_--_2016_--_1523-9.jpg">Dietmar Rabich (CC-BY-SA 4.0)</a> - Image Modified</span></span>
\ No newline at end of file
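Review bot: The advisory paragraph beginning "This is a security release to address a vulnerability in our dependencies" never names the affected dependency or links an upstream advisory, so an admin cannot assess exposure independently or confirm which package version carries the fix; name the package and link its advisory there. The same paragraph advises updating "where uncertain" about register_argc_argv without saying how to check it; a short pointer to checking the value reported for the web-serving PHP (for example via phpinfo(), since the CLI can load a different php.ini) would make that advice actionable. Minor: the new file ends without a trailing newline.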
index 1566c16a7fb005b0898c9f812528f54f6a817624..9d0feeacec659a1765887e00ad12a32239b9e4b3 100644 (file)
@@ -21,4 +21,9 @@ Image modified in usage (Cropped, resized, sharpened).
 pallastunturi-simo-rasanen.webp
 Copyright Ximonic (Simo Räsänen)
 Source: https://commons.wikimedia.org/wiki/File:Path_to_Pallastunturi_in_autumn_color_display,_Muonio,_Lapland,_Finland,_2021_September.jpg
-Image modified in usage (Resized, sharpened, converted).
\ No newline at end of file
+Image modified in usage (Resized, sharpened, converted).
+---
+fence2-dietmar-rabich.jpg
+Copyright Dietmar Rabich
+Source: https://commons.wikimedia.org/wiki/File:D%C3%BClmen,_Kirchspiel,_Wiese_in_der_Bauerschaft_B%C3%B6rnste_--_2016_--_1523-9.jpg
+Image modified in usage (Cropped, resized, sharpened).
\ No newline at end of file
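Review bot: The new final line, "Image modified in usage (Cropped, resized, sharpened).", is again left without a trailing newline, which is why this hunk has to remove and re-add the previous entry's last line just to append a new one. End the file with a newline so the next attribution entry is a pure addition and the diff touches only the lines that actually changed.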
diff --git a/static/images/blog-cover-images/cc-by-sa-4/fence2-dietmar-rabich.jpg b/static/images/blog-cover-images/cc-by-sa-4/fence2-dietmar-rabich.jpg
new file mode 100644 (file)
index 0000000..f246519
--- /dev/null
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:deadce3574d66ca476b5477dc55f08e76ac2e45d66c8f85bd84f85687b84b1c9
+size 331800